Description

Note on implementation details

Before this ticket we created ResourcePermission records for every portlet placed on a page. The records were identified by plid_LAYOUT_ppid primary key, however, in most cases they only duplicated default permissions defined in resource-actions.xml for the respective portlet-resource.

The implementation changes the behaviour and don't create plid_LAYOUT_ppid records on the fly.

When portlet is added to a page, we use defaultResourcePermission records that are created during portlet deployment.

The default portlet resources / records are created on SCOPE_INDIVIDUAL level with name == primKey == rootPortletId (i.e. portletName_WAR_plugincontext).

When a portal administrator assign new permissions on SCOPE_COMPANY level, these are applied, as well as SCOPE_GROUP and SCOPE_GROUP_TEMPLATE resource permissions.

When the portal administrator defines permissions for the portlet on the page = changes the default portlet resources, we create a new plid_LAYOUT_ppid records with those manual changes, that applies only to the {portlet, page} permissions.

Low-level implementation note: The default portlet resource permission recods are created for OWNER, GUEST and SITE_MEMBER roles. During permission checking these records are picked up when user belongs to that roles.